The following is an excerpt from Solutions Review’s 2017 Endpoint Security Solutions Buyer’s Guide; to view the whole report, download it for free here.
How good is the core functionality?
Apart from all the bells and whistles that are tacked on, endpoint protection includes three basic things: a malware scanner, a host-based (personal) firewall, and the ability to control ports and devices. So, how well does your endpoint protection product perform those three basic functions? Does it rely solely on signature-based detection, which can only recognize malware it has already seen? Does it incorporate newer techniques such as sandboxing, application whitelisting, or behavioral detection? How well does it execute on these concepts?
Will it run on all of my devices?
A typical enterprise has a veritable zoo of devices that are connected to its network—not just Windows and Apple computers, but cellphones running iOS, Android, Windows Phone, and even the occasional senescent Blackberry. That’s not even counting the servers. Can your endpoint protection product run on all these devices? Does it run well on different platforms? If the answer is no, you’ll need to either find a solution that’s platform-agnostic, or resign yourself to finding a second solution that will cover the platforms that the first one can’t.
Will it provide granular data?
Many endpoint protection solutions now provide asset tracking functionality, and enterprise products will include a management console where you can survey all connected devices. How much information can you get out of these views? If you have many servers and workstations, it may be useful to collect and track statistics on how many machines are running outdated hardware or software. Another time-saver is the ability to remotely push updates to connected devices, or push notifications to users and admins. Even if you don’t need these capabilities right away, they may become more practical as your enterprise grows.
How does it react to the unexpected?
Let’s say that tomorrow morning, you find that a new piece of malware is exploiting a vulnerability in an application you use, one for which no patch yet exists: a zero-day has emerged. How long does it take for your endpoint protection to be ready for it? In a 2015 study by Damballa, seven percent of dangerous malware went unrecognized by signature-based detection systems for longer than a month, and in some cases for as long as six months. Newer methods instead watch for suspicious behavior (persistence, unusual child processes, unexpected network connections) and alert on that, so they do not depend on having seen the specific sample before. Whatever solution you choose, make sure you understand how fast it can react to new threats.
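To make the difference between these detection approaches concrete, here is a small added example (illustrative code written for this page, not from the buyer's guide or any vendor). It models, on constructed sample data, the three techniques the questions above name: a hash-based signature database, an application allow-list (whitelisting), and a rule-scored behavioral detector fed by a constructed process trace such as a sandbox or endpoint sensor would produce. The byte strings, event names, rule weights and threshold are all assumptions made for illustration. A one-byte repack of a known sample evades the signature but is still caught by the allow-list and by behavior, while an unapproved but harmless tool shows the allow-list's false-positive cost.

```python
"""Signature vs. allow-list vs. behavioral detection on constructed samples.

Added example for illustration only; not the product of any vendor named
in the text. All samples, events, weights and thresholds are assumptions.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set

# --- Constructed "executables" (byte strings standing in for files) --------
KNOWN_MALWARE = b"MZ\x90\x00 example-dropper v1 "
VARIANT = KNOWN_MALWARE.replace(b"v1", b"v2")      # one byte changed, new hash
BENIGN_APP = b"MZ\x90\x00 approved-text-editor "
UNAPPROVED_TOOL = b"MZ\x90\x00 harmless-portable-archiver "


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- 1. Signature-based: recognise only what has been seen before ----------
SIGNATURES: Set[str] = {sha256(KNOWN_MALWARE)}


def signature_detects(sample: bytes) -> bool:
    return sha256(sample) in SIGNATURES


# --- 2. Allow-listing: block anything that is not explicitly approved ------
ALLOWLIST: Set[str] = {sha256(BENIGN_APP)}


def allowlist_blocks(sample: bytes) -> bool:
    """Inverts the question: unknown code is blocked, approved code runs."""
    return sha256(sample) not in ALLOWLIST


# --- 3. Behavioral: judge what the process does, not what it looks like ----
@dataclass
class ProcessTrace:
    """Constructed record of observed actions (as a sandbox or sensor would log)."""
    name: str
    events: List[str] = field(default_factory=list)


# Assumed rule set: suspicious action -> weight. Persistence plus encoded
# command execution alone is enough to cross the threshold.
BEHAVIOUR_RULES: Dict[str, int] = {
    "write:startup_folder": 3,            # persistence
    "spawn:powershell -enc": 3,           # encoded command execution
    "net:connect:unknown_host:443": 1,    # weak on its own
    "mass_rename:user_documents": 4,      # ransomware-like activity
}
THRESHOLD = 4


def behaviour_score(trace: ProcessTrace) -> int:
    return sum(w for ev, w in BEHAVIOUR_RULES.items() if ev in trace.events)


def behaviour_detects(trace: ProcessTrace) -> bool:
    return behaviour_score(trace) >= THRESHOLD


def evaluate(sample: bytes, trace: ProcessTrace) -> Dict[str, bool]:
    """Verdict of each technique for one sample and its observed behavior."""
    return {
        "signature": signature_detects(sample),
        "allowlist": allowlist_blocks(sample),
        "behaviour": behaviour_detects(trace),
    }


# Constructed traces for the samples above.
VARIANT_TRACE = ProcessTrace(
    "example-dropper v2",
    ["write:startup_folder", "spawn:powershell -enc", "net:connect:unknown_host:443"],
)
BENIGN_TRACE = ProcessTrace("approved-text-editor", ["read:config", "write:user_document"])
UNAPPROVED_TRACE = ProcessTrace("harmless-portable-archiver", ["read:archive", "write:archive"])

if __name__ == "__main__":
    for label, sample, trace in [
        ("known malware", KNOWN_MALWARE, VARIANT_TRACE),
        ("repacked variant", VARIANT, VARIANT_TRACE),
        ("approved app", BENIGN_APP, BENIGN_TRACE),
        ("unapproved tool", UNAPPROVED_TOOL, UNAPPROVED_TRACE),
    ]:
        print(f"{label:17s} {evaluate(sample, trace)}")
```

Running the script shows the trade-off the buyer should weigh: the signature database misses the repacked variant entirely, the allow-list catches it but also blocks the unapproved archiver, and the behavioral rules flag only the process that actually tried to persist and run an encoded command. In a real product the rules are far richer and the scoring is tuned against live telemetry, but the question to ask a vendor is the same: which of these layers would have fired on the first day a new sample appeared?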
Is the product well supported?
Aside from all the discussion about feature sets, capabilities, and detection methods, support is the last important question. Emergencies don’t happen on a schedule, so can the vendor get you on the phone with an engineer at the drop of a hat? If not, can they train your staff to support the product on their own? Lastly, is training bundled into the price of the product, or offered separately? As always, well-trained staff with a thorough knowledge of a security tool are just as important as the tool itself.
Check out 5 more questions you need to ask yourself, as well as a full market overview of the top 24 vendors, their capabilities, and best use cases in Solutions Review’s 2017 Endpoint Security Buyer’s Guide, available as a complimentary download.
By Jeff Edwards